Building Containers with Kubernetes and Knative

Developing for Kubernetes can be a daunting task for any developer not familiar with the ecosystem. The developer needs to understand how to create spec files, author CI/CD scripts with a system such as Jenkins or CircleCI, and instrument logging and tracing. Knative aims to solve some of these issues, abstracting the details of building images away from the developer.

Knative has the backing of industry giants and is designed from lessons learned at companies such as Google, Red Hat, IBM, and SAP. It is a set of components that enables modern CI/CD workflows that are native to Kubernetes. The current components that are available today are

Build Components

The Knative Build component extends Kubernetes with custom resource definitions (CRDs). This gives us a new object, Build, that we can call from kubectl, e.g. kubectl get Builds. Knative Build includes a few batteries-included BuildTemplates that cover most situations.

Buildpack - Buildpack is a core link in the chain of the Cloud Foundry deployment process

Jib - Jib builds Docker and OCI images for your Java applications and is available as plugins for Maven and Gradle.

Kaniko - Kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster.

We will be using the Kaniko build template. Kaniko is a project that builds containers without elevated privileges, solving many of the issues that come with using the Docker daemon to build containers in a distributed environment.

Kaniko doesn’t depend on a Docker daemon and executes each command within a Dockerfile entirely in userspace. This enables building container images in environments that can’t easily or securely run a Docker daemon, such as a standard Kubernetes cluster.

A builder is an image that executes a step in the build process. For example, you may have a builder that runs unit tests on your code before it is deployed. We will not be using the Builder component today.

Getting Started

We have a simple web application that we use for smoke testing. I have disabled automatic builds on Docker Hub for this example. At the end of the example, Knative will pull the source code from GitHub, build the Docker image, and push it to Docker Hub with a single Kubernetes command.

Install Knative (On GKE)

I have stood up an isolated cluster to experiment with Knative. I do not recommend installing alpha software, such as Knative, on a cluster you rely on. Instructions specific to your provider are found in the Knative GitHub repo. I will be using Google Kubernetes Engine version 1.10.5-gke.3. The install instructions below only apply if you are using GKE. Follow instructions specific to your provider. Remember, this is ALPHA software; things may not work as expected.

Set project up for Kaniko

Kaniko requires a Dockerfile to be present. Below is the multi-stage Dockerfile for our simple web app. Because the application is written in Go, it requires no dependencies, allowing us to use the scratch base image for a minimal artifact.

Authentication

To push to Docker Hub, we need to provide the Build object with a ServiceAccount. A ServiceAccount requires a Secret, so let us make that first. Note: stringData is converted to a base64-encoded data object when applied to the cluster.
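
The three objects described above, written against the Knative Build v1alpha1 API as an added example rather than the original post's manifests. The object names and angle-bracket values are placeholders, and it assumes the kaniko BuildTemplate (with its IMAGE argument) is already installed in the namespace.

```yaml
# Added example; names are hypothetical and <...> values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: dockerhub-push-creds
  annotations:
    # Tells Knative Build which registry these credentials apply to.
    build.knative.dev/docker-0: https://index.docker.io/v1/
type: kubernetes.io/basic-auth
stringData:            # plain text on input; stored base64-encoded under .data
  username: <dockerhub-username>
  password: <dockerhub-access-token>
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-bot
secrets:
  - name: dockerhub-push-creds
---
apiVersion: build.knative.dev/v1alpha1
kind: Build
metadata:
  name: kaniko-build
spec:
  # Registry credentials are taken from the secrets attached to this account.
  serviceAccountName: build-bot
  source:
    git:
      url: https://github.com/<org>/<repo>.git
      revision: master
  template:
    name: kaniko
    arguments:
      - name: IMAGE
        value: docker.io/<dockerhub-username>/<image>:latest
```

The base64 form stored under data is an encoding, not encryption, so anyone with read access to Secrets in the namespace can recover the credential. Using a registry access token instead of the account password, and keeping the filled-in manifest out of version control, limits the exposure.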

Hopefully, you have a similar output. Check Docker Hub and make sure everything pushed correctly.

Caveats

Knative is new, beyond bleeding edge. It is likely to move fast, breaking all of your work.

Every time you want to make a build, you need to push a new build spec. This can be automated with Knative Serving, but that will have to wait for another post.

Knative requires Istio. Istio adds many complications to your cluster, and it may not be correct for your situation.

Summary

I have shown you how to use Knative to move from source to container while only having to define a Dockerfile. While Knative is not ready for production use, we are excited about the value it will bring to our customers as it matures.

In the next few weeks, I will be writing follow-on articles that explore more of the Knative ecosystem. We will complete the loop by deploying our web app using the Knative Serving component and integrating with GitHub webhooks to automate the build kickoff. Make sure you subscribe to updates (upper right of page).

Don’t hesitate to contact BoxBoat for any of your containerization, DevOps, and orchestration needs.
